Stl: improved check for dangerous usage of c_str

2010-10-19 20:21:58 +02:00 · 2010-10-19 20:21:58 +02:00 · 20674e08d0
parent 2ca7dbc004
commit 20674e08d0
2 changed files with 26 additions and 1 deletions
--- a/lib/checkstl.cpp
+++ b/lib/checkstl.cpp
@ -929,6 +929,7 @@ void CheckStl::string_c_str()
        if (Token::Match(tok, ") const| {"))
        {
            std::set<unsigned int> localvar;
+            std::set<unsigned int> pointers;

            // scan through this executable scope:
            unsigned int indentlevel = 0;
@ -948,6 +949,10 @@ void CheckStl::string_c_str()
                    localvar.insert(tok->tokAt(3)->varId());
                else if (Token::Match(tok->previous(), "[;{}] %type% %var% ;"))
                    localvar.insert(tok->next()->varId());
+                else if (Token::Match(tok->previous(), "[;{}] %type% * %var% ;"))
+                    pointers.insert(tok->tokAt(2)->varId());
+                else if (Token::Match(tok->previous(), "[;{}] %type% %type% * %var% ;"))
+                    pointers.insert(tok->tokAt(3)->varId());

                // Invalid usage..
                else if (Token::Match(tok, "throw %var% . c_str ( ) ;") &&
@ -956,6 +961,20 @@ void CheckStl::string_c_str()
                {
                    string_c_strError(tok);
                }
+                else if (Token::Match(tok, "[;{}] %var% = %var% . str ( ) . c_str ( ) ;") &&
+                         tok->next()->varId() > 0 &&
+                         pointers.find(tok->next()->varId()) != pointers.end())
+                {
+                    string_c_strError(tok);
+                }
+                else if (Token::Match(tok, "[;{}] %var% = %var% (") &&
+                         Token::Match(tok->tokAt(4)->link(), ") . c_str ( ) ;") &&
+                         tok->next()->varId() > 0 &&
+                         pointers.find(tok->next()->varId()) != pointers.end() &&
+                         Token::findmatch(_tokenizer->tokens(), ("std :: string " + tok->strAt(3) + " (").c_str()))
+                {
+                    string_c_strError(tok);
+                }
            }
        }
    }
--- a/test/teststl.cpp
+++ b/test/teststl.cpp
@ -1116,12 +1116,18 @@ private:
              "}");
        ASSERT_EQUALS("[test.cpp:3]: (error) Dangerous usage of c_str()\n", errout.str());

+        check("void f() {\n"
+              "    std::ostringstream errmsg;\n"
+              "    const char *c = errmsg.str().c_str();\n"
+              "}");
+        ASSERT_EQUALS("[test.cpp:3]: (error) Dangerous usage of c_str()\n", errout.str());
+
        check("std::string f();\n"
              "\n"
              "void foo() {\n"
              "    const char *c = f().c_str();\n"
              "}");
-        TODO_ASSERT_EQUALS("[test.cpp:4]: (error) Dangerous usage of c_str()\n", errout.str());
+        ASSERT_EQUALS("[test.cpp:4]: (error) Dangerous usage of c_str()\n", errout.str());
    }
 };